Privacy statement for corporate volunteers
This privacy notice relates to employees that volunteer through their company with Royal Voluntary Service.
To run the Programme, Royal Voluntary Service will need to collect, use and store personal data relating to employees who wish to volunteer in the Programme. Under UK data protection law, Royal Voluntary Service will be the controller of such personal data. This means that Royal Voluntary Service is required to explain to such members of the public how their personal data will be processed and what data protection rights they have.
Please read over this privacy notice carefully, because it contains important information about who we are and how and why we collect, store, use and share personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
In this privacy notice, for convenience, we use the following defined terms:
Our Data Protection Officer -
Personal data - any information relating to an identified or identifiable living individual
Programme - Any volunteering programme for corporate employees
We, us, our - ROYAL VOLUNTARY SERVICE (a company incorporated in England and Wales with registered number 2520413, and a registered charity with number 1015988) whose registered office is at Hanley Centre, 29 Charles St, Stoke-on-Trent ST1 3JP.
You, your - The person applying to become a volunteer
Personal data we will collect
When you apply to become a volunteer for the Programme, we may collect the following personal data about you:
- Your full name
- Your email address and telephone number
- Your address
- Your date of birth
- Your first and second languages
- Your IP address (the location of your computer on the internet)
- Sufficient data in order to be able to complete a DBS check (if applicable to the role you will undertake).
Additionally, whilst completing our COVID-19 vulnerable persons risk assessment (if applicable to the role you will undertake), we may collect the following personal data:
- Information about your ethnicity
- Information relating to your health.
How and why we use your personal information
Under UK data protection law, we can only use your personal data if we have a lawful basis for doing so. For example:
- to comply with our legal and regulatory obligations
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a reasonable need to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use your personal data for and our lawful basis for doing so under UK data protection law:
What personal data we use
Why we use it
Our lawful basis
Your name and other personal details (address, telephone number, email address, date of birth).
To administer your volunteering activity with us
Our legitimate interest in administering your volunteering effectively
Information in relation to your ethnicity and your health (if applicable)
To effectively undertake a COVID-19 vulnerable persons risk assessment
Our legitimate interest in ensuring appropriate risk assessments are carried out.
Information to undertake a DBS check (if applicable)
To ensure you have the necessary level of DBS clearance for the role
Our legal obligation to ensure you are a suitable person to provide the required level of volunteering support.
Our legitimate interest in ensuring the safety and wellbeing of individuals.
Information highlighted by a completed DBS check (potential criminal convictions)
To undertake a risk assessment to ensure suitability for the role.
Our legitimate interest in ensuring the safety and wellbeing of individuals.
Data we collect automatically if you use our website
To enable us to run the website effectively
Our legitimate interests and, in relation to cookie data, your consent. You can find more information about our lawful basis for using such data in our general privacy notice, available on the Royal Voluntary Service website
DBS and criminal convictions data
The completion of a DBS check (if applicable to role you will undertake) could potentially highlight criminal convictions data. Where a DBS check highlights any additional information such as criminal convictions, a risk assessment will be undertaken by us to assess your suitability for the volunteering role. Our risk assessment will be based on internal guidance which reflects best practice relating to the rehabilitation of offenders.
Whenever we need to process criminal convictions data about you, in addition to having a lawful basis for processing (as set out in the above table), we are also required to satisfy one or more additional conditions under UK data protection law. We will rely upon the following condition:
- That we need to process criminal convictions data for safeguarding purposes.
We are required to have an ‘appropriate policy document’ in relation to our processing of criminal convictions data. If you would like to see a copy of our appropriate policy document, please contact us.
Ethnicity and health data
We may process ethnicity and health data about you because:
- Depending on the volunteering role you will undertake, we are required to undertake a COVID-19 vulnerable persons risk assessment, in which a person states their ethnicity and information about their health.
Whenever we need to process ethnicity and health data about you, in addition to having a lawful basis for processing (as set out in the above table), we are also required to satisfy one or more additional conditions under UK data protection law. We will rely upon the following condition:
- Article 9(2)(d) – Not for profit bodies.
We are required to have an ‘appropriate policy document’ in relation to our processing of ethnicity data. If you would like to see a copy of our appropriate policy document, please contact us.
We will always treat your personal data with the utmost respect and will not sell or share it with other organisations for marketing purposes.
We will only communicate with you on an ongoing basis to inform you about the work we do, which includes fundraising, if we have your consent to do so. Please note that you have the right to withdraw your consent to us contacting you for this purpose at any time (to do so, please use the contact details set out in the section ‘Key Terms’ above).
Sharing of your personal data with third parties
In order to effectively administer the Programme, we will need to share your personal data with your employer. Details are as follows:
- Personal data will be shared with your employer for monitoring and evaluation purposes. The data shared will be that which is contained on your application form.
- In the event of any additional information being highlighted by the DBS check (if applicable), a risk assessment will be undertaken to assess your suitability for the role. If the risk assessment highlights that you are unsuitable for the role, then your employer will be informed that the recruitment process has been discontinued. Details of any convictions highlighted by the DBS check will not be communicated to your employer.
- In the event of any complaint or safeguarding concern made against you whilst volunteering, we may share details of the complaint/concern and any subsequent investigation with your employer.
We may also disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
How long your personal information will be kept
We will retain your personal information for the duration of your time volunteering with us, plus a period of 6 months to allow for monitoring and evaluation. Any information gained as a result of safeguarding concerns/investigations will be kept in accordance with relevant requirements and securely stored/managed on internal databases.
Deletion of personal data
Once it is no longer necessary for us to retain your personal data, we will ensure that it is permanently and securely deleted or anonymised.
Where your personal information is held
Your personal data will be held in the UK on our secure servers. It will not be transferred by us outside the UK and/or EEA.
Keeping your personal information secure
We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Under data protection law, you have a number of different rights which you can exercise free of charge. These are described in the table below. Some of the rights only apply in certain circumstances and not all of the rights will be relevant in relation to our use of your personal data:
Access - The right to be provided with a copy of your personal data (the right of access)
Rectification - The right to require any mistakes in your personal data to be corrected
To be forgotten - The right, in certain circumstances, to require that your personal data is deleted
Restriction of processing - The right, in certain circumstances, to require use of your personal data to be restricted (for example, if you contest the accuracy of the data)
Data portability - The right, in certain circumstances, to receive your personal data in a structured, commonly used and machine-readable format and/or transmit that data to a third party
To object - The right to object to your personal data being processed for direct marketing (including profiling) and the right, in certain circumstances, to object to the continued processing of your personal data on the basis of legitimate interests
Not to be subject to automated individual decision making - The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
For further information on each of these rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of your rights, please email, call or write to our Data Protection Officer (see above: ‘Key Terms’). Please note that we will ask you to:
- Let us have enough information to identify you;
- Provide us with proof of your identity and address (e.g. a copy of your driving licence or passport); and
- Let us know what right you want to exercise and the information to which your request relates.
How to complain
We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your personal data.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
Changes to this privacy statement
This privacy notice was first published on 28 February 2023.
We will make updated versions of this privacy notice available on our website.
How to contact us
Our contact details are shown above in the Key Terms section.